Add fetch metadata request headers

kristapsdz · kristapsdz · commit af2c8f7186a4 · 2025-11-07T15:45:37.000-08:00
Adds the standard fetch metadata request headers (sec-fetch-xxx) to the
krequ lookup map.  Also adds a regression test for this.
diff --git a/Makefile b/Makefile
@@ -232,6 +232,7 @@ REGRESS		 = regress/test-abort-validator \
 		   regress/test-fcgi-ping \
 		   regress/test-fcgi-ping-double \
 		   regress/test-fcgi-upload \
+		   regress/test-fetch-metadata-request \
 		   regress/test-file-get \
 		   regress/test-fork \
 		   regress/test-gzip \
diff --git a/child.c b/child.c
@@ -184,6 +184,10 @@ static	const char *const krequs[KREQU__MAX] = {
 	"HTTP_PROXY_AUTHORIZATION", /* KREQU_PROXY_AUTHORIZATION */
 	"HTTP_RANGE", /* KREQU_RANGE */
 	"HTTP_REFERER", /* KREQU_REFERER */
+	"HTTP_SEC_FETCH_DEST", /* KREQU_SEC_FETCH_DEST */
+	"HTTP_SEC_FETCH_MODE", /* KREQU_SEC_FETCH_MODE */
+	"HTTP_SEC_FETCH_USER", /* KREQU_SEC_FETCH_USER */
+	"HTTP_SEC_FETCH_SITE", /* KREQU_SEC_FETCH_SITE */
 	"HTTP_USER_AGENT", /* KREQU_USER_AGENT */
 };
 
diff --git a/kcgi.h b/kcgi.h
@@ -155,6 +155,10 @@ enum	krequ {
 	KREQU_PROXY_AUTHORIZATION,
 	KREQU_RANGE,
 	KREQU_REFERER,
+	KREQU_SEC_FETCH_DEST,
+	KREQU_SEC_FETCH_MODE,
+	KREQU_SEC_FETCH_USER,
+	KREQU_SEC_FETCH_SITE,
 	KREQU_USER_AGENT,
 	KREQU__MAX
 };
diff --git a/man/kcgi.3 b/man/kcgi.3
@@ -337,6 +337,9 @@ and the
 version 1.0, published 29 April 1996.
 .Bl -bullet
 .It
+Metadata request headers are specified by
+.Lk https://w3c.github.io/webappsec-fetch-metadata "Fetch Metadata Request Headers" .
+.It
 Cookies are parsed according to
 .Dq HTTP State Management Mechanism ,
 RFC 6265.
@@ -376,12 +379,12 @@ HTTP dates (logging and date-time management) are specified by
 .It
 URL encoding and decoding is defined by RFC 3986,
 .Dq Uniform Resource Identifier (URI): Generic Syntax .
-.El
-.Pp
+.It
 Additional HTTP methods are defined by RFC 4918,
 .Dq HTTP Extensions for Web Distributed Authoring and Versioning ;
 and RFC 4791 ,
 .Dq Calendaring Extensions to WebDAV .
+.El
 .Sh AUTHORS
 The
 .Nm
diff --git a/regress/test-fetch-metadata-request.c b/regress/test-fetch-metadata-request.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "../config.h"
+
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <curl/curl.h>
+
+#include "../kcgi.h"
+#include "regress.h"
+
+static int
+parent(CURL *curl)
+{
+	struct curl_slist *slist;
+	int		   ret;
+
+	slist = NULL;
+	slist = curl_slist_append(slist, "Sec-Fetch-Dest: www.example.com");
+	slist = curl_slist_append(slist, "Sec-Fetch-User: ?1");
+	slist = curl_slist_append(slist, "Sec-Fetch-Mode: navigate");
+	slist = curl_slist_append(slist, "Sec-Fetch-Site: same-origin");
+	curl_easy_setopt(curl, CURLOPT_URL, "http://localhost:17123/");
+	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);
+	ret = curl_easy_perform(curl);
+	curl_slist_free_all(slist);
+	return(CURLE_OK == ret);
+}
+
+static int
+child(void)
+{
+	struct kreq	 r;
+	const char 	*page = "index";
+
+	if (khttp_parse(&r, NULL, 0, &page, 1, 0) != KCGI_OK)
+		return 0;
+
+	if (r.reqmap[KREQU_SEC_FETCH_DEST] == NULL ||
+	    strcmp(r.reqmap[KREQU_SEC_FETCH_DEST]->val, "www.example.com") != 0)
+		return 0;
+	if (r.reqmap[KREQU_SEC_FETCH_USER] == NULL ||
+	    strcmp(r.reqmap[KREQU_SEC_FETCH_USER]->val, "?1") != 0)
+		return 0;
+	if (r.reqmap[KREQU_SEC_FETCH_MODE] == NULL ||
+	    strcmp(r.reqmap[KREQU_SEC_FETCH_MODE]->val, "navigate") != 0)
+		return 0;
+	if (r.reqmap[KREQU_SEC_FETCH_SITE] == NULL ||
+	    strcmp(r.reqmap[KREQU_SEC_FETCH_SITE]->val, "same-origin") != 0)
+		return 0;
+
+	khttp_head(&r, kresps[KRESP_STATUS], 
+		"%s", khttps[KHTTP_200]);
+	khttp_head(&r, kresps[KRESP_CONTENT_TYPE], 
+		"%s", kmimetypes[KMIME_TEXT_HTML]);
+	khttp_body(&r);
+	khttp_free(&r);
+	return 1;
+}
+
+int
+main(int argc, char *argv[])
+{
+
+	return(regress_cgi(parent, child) ? EXIT_SUCCESS : EXIT_FAILURE);
+}
